LastPass CLI Skill

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: lastpass-cli
Version: 0.1.0

The skill is classified as suspicious due to its inherent high-risk capability: accessing sensitive LastPass credentials via the `lpass` CLI, as implemented in `tools/lastpass.sh`. While this behavior is explicitly aligned with the stated purpose in `SKILL.md` and there is no evidence of additional malicious intent (such as data exfiltration, persistence, or prompt injection against the agent), the direct access to a local secrets vault constitutes a significant 'risky capability' as defined by the provided threshold.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked too broadly, the agent could access passwords or notes from the user’s vault beyond what the user intended for the current task.

Why it was flagged

The skill content shows that the skill uses the user's existing LastPass CLI session to retrieve vault credentials, which amounts to high-impact delegated account authority.

Skill content

retrieve credentials from the local LastPass vault using the `lpass` CLI

Recommendation

Require explicit user approval for each vault entry and field, document the required LastPass session, and consider an allowlist of permitted entry names.

What this means

A mistaken or manipulated request could cause the agent to fetch an unintended secret or full vault entry contents.

Why it was flagged

The helper retrieves sensitive fields or the raw full entry for any provided item name, with no built-in confirmation, allowlist, or output restriction.

Skill content

lpass show --password "$name" ... lpass show --notes "$name" ... lpass show "$name"

Recommendation

Remove or restrict the 'raw' mode by default, validate allowed fields, and require a user confirmation step before returning secret material.

What this means

The skill may fail or use whatever 'lpass' executable is available in the user’s PATH, so users must ensure they have the legitimate LastPass CLI installed.

Why it was flagged

The script depends on the local 'lpass' binary, while the registry metadata declares no required binaries and there is no install spec.

Skill content

lpass show --password "$name"

Recommendation

Declare 'lpass' as a required binary and provide setup guidance that directs users to a trusted installation source.

What this means

Passwords or notes may become visible to the agent and potentially to logs or downstream automation depending on the host environment.

Why it was flagged

The command prints the retrieved secret to stdout, meaning the secret can be returned into the agent workflow or conversation context.

Skill content

lpass show --password "$name"

Recommendation

Use the skill only for specific approved entries, avoid retrieving notes/raw data unless necessary, and ensure the agent environment redacts or avoids retaining secrets.